Privacy Policy

Effective May 1, 2026

Last Updated: May 1, 2026


1. Introduction

PensionForge, LLC ("PensionForge," "Company," "we," "us," or "our") operates the website https://pensionforge.com and the PensionForge retirement modeling service (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.

PensionForge is not affiliated with, endorsed by, or connected to the Florida Retirement System, the State Board of Administration of Florida, the Florida Division of Retirement, or any other Florida state or local government agency.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service.


2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation)
  • Authentication method (email magic link or Google OAuth)
  • Google profile information (name and email, if you choose Google OAuth)

Profile Information:

  • Career stage (early, mid, or late career)
  • Job classification (Special Risk: firefighter, law enforcement officer, corrections officer, EMS/paramedic; Regular Class: teacher, state employee, county/municipal employee, university staff)
  • FRS class designation (Special Risk or Regular Class)
  • Hire date
  • Date of birth (used solely for age and retirement timeline calculations; not stored in scenario result records but retained in profile data)

Scenario and Calculator Inputs:

  • Salary information
  • Years of service
  • Contribution rates and balances
  • DROP participation details
  • Investment return assumptions
  • Household/spouse income data (Pro tier)
  • Other retirement-relevant financial parameters you enter

Alert Configurations:

  • Metric type (e.g., DROP lump sum, monthly pension, projected 457(b) balance, projected Roth balance, years to retirement)
  • Threshold value and direction (above/below)
  • Descriptive labels

Payment Information:

  • Subscription plan selection and billing cycle preference
  • Note: Payment card details (card number, CVV, expiration) are collected and processed exclusively by Stripe, Inc. and are never transmitted to or stored on PensionForge servers.

Waitlist Information:

  • Email address
  • Tier interest (Pro or Founder promotional status)
  • Source page (the page from which you joined the waitlist)
  • Your user ID, if you are signed in at the time of signup

Communications:

  • Feedback submissions (bug reports, feature requests, data accuracy concerns)
  • Support inquiries via email

AI Narrative Data:

  • When you request a narrative summary, the generated text is cached on our servers and associated with your scenario
  • Per-user generation counters (tracked by user ID and generation date) record how many narratives have been generated

2.2 Information Collected Automatically

Usage Analytics (via Vercel Analytics):

  • Pages visited and features used
  • Session duration and frequency
  • Device type, browser type, and operating system
  • Referring URL
  • Country-level geographic location (derived from IP address)

Performance Data (via Vercel Speed Insights):

  • Page load times
  • Core Web Vitals metrics (Largest Contentful Paint, First Input Delay, Cumulative Layout Shift, Interaction to Next Paint, Time to First Byte)
  • Error occurrences

Server Logs:

  • IP address (used for rate limiting, security, and abuse prevention; not linked to your account profile for analytics purposes)
  • Request timestamps
  • HTTP method and endpoint accessed

2.3 Information We Do Not Collect

  • Social Security numbers
  • Bank account numbers or routing numbers
  • Investment account credentials or balances from external institutions
  • Employer-specific personnel records
  • Biometric data
  • Precise geolocation (GPS coordinates)
  • Data from your contacts, camera, or microphone
  • Advertising identifiers or cross-site tracking data

3. How We Use Your Information

We use the information we collect for the following purposes:

| Purpose | Legal Basis |
|---|---|
| Provide retirement calculations and projections based on your inputs | Performance of contract |
| Save and retrieve your scenarios and profile | Performance of contract |
| Cache profile and scenario data locally for offline access | Performance of contract |
| Authenticate your identity and secure your account | Performance of contract / Legitimate interest |
| Process subscription payments | Performance of contract |
| Send threshold alert email notifications | Performance of contract (you configure alerts) |
| Send transactional emails (auth links, receipts, account notices) | Performance of contract |
| Send waitlist confirmation and availability notifications | Performance of contract (you join voluntarily) |
| Generate AI narrative summaries of your scenario projections | Performance of contract (you request generation) |
| Monitor and improve Service performance and reliability | Legitimate interest |
| Detect, prevent, and address fraud, abuse, or security incidents | Legitimate interest |
| Enforce rate limits to maintain service quality | Legitimate interest |
| Comply with legal obligations | Legal obligation |

We do not use your information to:

  • Sell or rent your personal data to third parties
  • Serve advertisements
  • Market financial products or services from third parties
  • Build advertising or behavioral profiles
  • Make automated decisions that produce legal effects concerning you
  • Train machine learning models on your personal financial data
  • Track you across other websites or applications

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with the following categories of service providers, solely to the extent necessary to provide the Service:

| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase, Inc. | Database hosting, authentication | Account data, profile data, scenario inputs/results, alert configurations, waitlist records, narrative caches |
| Stripe, Inc. | Payment processing, subscription management | Email, Stripe customer ID, subscription status; Stripe directly collects payment card details |
| Vercel, Inc. | Application hosting, Vercel Analytics, Vercel Speed Insights | Usage analytics, performance metrics (Core Web Vitals), IP address (server logs) |
| Resend | Transactional email delivery | Email address, alert notification content, waitlist confirmation content |
| Anthropic, PBC | AI narrative generation | Scenario-derived projection context (numerical results and calculation parameters); see Section 13 for details |
| Google LLC | OAuth authentication (if selected) | Authentication tokens; Google provides us your email and name |

4.2 We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information to any third party for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

4.3 Legal Disclosures

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation, subpoena, court order, or governmental request;
  • Protect and defend our rights or property;
  • Prevent or investigate possible wrongdoing in connection with the Service;
  • Protect the personal safety of users or the public;
  • Protect against legal liability.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service at least thirty (30) days before such transfer, including any changes in data practices, and inform you of any choices you may have regarding your data.

4.5 Aggregated and De-Identified Data

We may create and share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data is not subject to this Privacy Policy.


5. Data Storage and Security

5.1 Data Storage Location

Your data is stored on servers operated by Supabase (database) and Vercel (application hosting) in the United States.

5.2 Security Measures

We implement the following security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).
  • Encryption at rest: Database storage is encrypted at rest using AES-256 encryption provided by our infrastructure provider.
  • Row-Level Security (RLS): PostgreSQL Row-Level Security policies enforce strict per-user data isolation at the database level. Each user can only access their own profiles, scenarios, and alerts.
  • Defense-in-depth: Application-layer access controls supplement database-level security as an additional safeguard.
  • Authentication security: Magic link tokens expire after one hour. Sessions are managed server-side with secure, HTTP-only cookies.
  • Rate limiting: Endpoints are rate-limited to prevent brute-force attacks and abuse (e.g., waitlist: 5 signups per hour per IP; feedback: 5 submissions per hour per user).
  • No plaintext secrets: Sensitive configuration (API keys, database credentials) is stored in environment variables, never in source code or client-side bundles.
  • Payment isolation: Payment card data never touches our servers; it flows directly from your browser to Stripe's PCI-compliant infrastructure.

5.3 Security Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You use the Service at your own risk.

5.4 Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within seventy-two (72) hours of confirming the breach, or within such shorter period as required by applicable state law (e.g., Florida requires notification "as expeditiously as practicable" and no later than 30 days; California requires notification "in the most expedient time possible"). Notifications will describe the nature of the breach, the types of information involved, and steps you can take to protect yourself.


6. Data Retention

6.1 Active Accounts

We retain your personal information for as long as your account remains active and as needed to provide the Service.

6.2 Account Deletion

Upon account deletion, data is handled as follows:

| Data Category | Retention After Deletion |
|---|---|
| Profile, scenarios, alerts, narrative caches | Permanently deleted from active database |
| Encrypted database backups | Daily backups retained for up to 7 days, encrypted at rest (AES-256), then automatically overwritten |
| Server logs (IP, request data) | Up to 3 days (application hosting) and 7 days (database infrastructure), then automatically purged |
| Stripe payment/transaction records | Retained by Stripe per financial regulations (typically 7 years) |
| Resend email delivery logs | Transactional email metadata (delivery status, timestamps) retained by Resend for up to 30 days; email content is not retained by PensionForge beyond transmission |
| Vercel analytics/performance data | Retained by Vercel per their data retention policies; Web Analytics data is anonymous by design (no personal identifiers collected); all data encrypted at rest (AES-256) |
| Waitlist records | Deleted upon request or account deletion |
| Tax/accounting records | Retained as required by IRS regulations (up to 7 years for transaction records) |
| Fraud/security investigation records | Retained as necessary to protect against threats, enforce Terms, or comply with legal process |

6.3 Inactive Accounts

We may delete accounts and associated data after twenty-four (24) consecutive months of inactivity, with thirty (30) days' advance email notice to the registered address.

6.4 Legal Retention

We may retain specific information beyond the periods described above as necessary to:

  • Comply with applicable law, regulation, or legal process;
  • Resolve pending disputes or enforce our agreements;
  • Investigate or prevent fraud, security incidents, or Terms violations;
  • Meet tax, accounting, or financial reporting obligations.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you;
  • Request a copy of your data in a structured, machine-readable format (JSON);
  • View all your saved scenarios and profile information through the Service interface.

7.2 Correction

You may update or correct your profile information and scenario data at any time through the Service. If you need assistance correcting information you cannot modify directly, contact us at team@pensionforge.com.

7.3 Deletion

You have the right to delete your account and all associated data. Account deletion can be initiated through your account settings. Upon deletion, we will remove your data as described in Section 6.2. Note that certain data may be retained by third-party processors or for legal compliance as described therein.

7.4 Alert and Email Preferences

You may:

  • Disable individual threshold alerts through your alert settings;
  • Unsubscribe from alert notification emails via the unsubscribe link in any alert email;
  • Manage alert preferences at https://pensionforge.com/alerts/unsubscribe.

Note: You cannot opt out of transactional emails (authentication links, security notices, subscription receipts) while maintaining an active account.

7.5 Cookies and Analytics

The Service uses essential cookies for authentication and session management. We use Vercel Analytics for basic usage metrics and Vercel Speed Insights for performance monitoring. We do not use third-party advertising cookies, cross-site tracking pixels, or fingerprinting techniques.

7.6 Local Data

You may clear locally cached data (profile, scenarios stored in IndexedDB for offline use) at any time by clearing your browser's site data for pensionforge.com. This does not affect data stored on our servers.

7.7 Do Not Track

The Service does not currently respond to "Do Not Track" browser signals. However, we do not engage in cross-site tracking regardless of this signal.


8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides California residents with specific data privacy rights if the business meets applicable thresholds (annual gross revenue exceeding $25 million; buying/selling/sharing personal information of 100,000+ consumers; or deriving 50%+ of revenue from selling/sharing personal information).

Whether or not PensionForge currently meets these thresholds, we are committed to honoring the following rights for California residents:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, detecting fraud, complying with legal obligations).

Right to Correct: You may request correction of inaccurate personal information.

Right to Opt Out of Sale/Sharing: We do not sell or share (for cross-context behavioral advertising) your personal information. No opt-out is necessary.

Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (date of birth, financial scenario inputs) only for the purpose of providing the Service you requested. No limitation request is necessary.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (per CCPA categories):

  • Identifiers (email address, IP address, Stripe customer ID, user ID)
  • Financial information (subscription status, scenario inputs involving salary/contributions; payment card details held exclusively by Stripe)
  • Internet or electronic network activity (usage analytics, pages visited, performance metrics)
  • Professional or employment-related information (job classification, hire date, career stage, FRS class)
  • Inferences (calculated retirement projections based on inputs you provide)
  • Sensitive personal information (date of birth; financial modeling inputs)

Sources: Directly from you; automatically via Vercel Analytics and Speed Insights.

Business Purposes for Collection: As described in Section 3 of this Privacy Policy.

Third Parties Receiving Data: Service providers listed in Section 4.1. We do not sell or share data with third parties for their own commercial purposes.

Retention: As described in Section 6.

Authorized Agent: You may designate an authorized agent to make requests on your behalf by providing written authorization and identity verification.

Verification: We will verify your identity before fulfilling access or deletion requests by confirming your email address through the authentication method on file.

How to Exercise Rights: Contact team@pensionforge.com with "California Privacy Request" in the subject line. We will respond within forty-five (45) days.

If PensionForge meets CCPA thresholds at any future point, we will publish a conforming California Privacy Notice with all required disclosures.

8.2 Florida Residents

If you are a Florida resident, you may have rights under the Florida Digital Bill of Rights (FDBR), effective July 1, 2024. The FDBR applies to businesses meeting specific revenue and data-processing thresholds. Regardless of threshold applicability, we are committed to honoring these rights:

  • Right to confirm whether we are processing your personal data;
  • Right to access your personal data;
  • Right to correct inaccuracies;
  • Right to delete your personal data;
  • Right to obtain a portable copy of your data;
  • Right to opt out of the sale of personal data (we do not sell personal data);
  • Right to opt out of targeted advertising (we do not engage in targeted advertising);
  • Right to opt out of profiling that produces legal or similarly significant effects (we do not engage in such profiling).

Florida residents also have protections under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). Nothing in this Privacy Policy is intended to limit any rights you may have under applicable Florida consumer protection laws.

8.3 Other U.S. State Privacy Laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and other states with consumer privacy laws may have similar rights to access, correct, delete, and port their data, as well as rights to opt out of certain processing activities.

To exercise these rights, contact team@pensionforge.com with your state of residence and the specific right you wish to exercise. We will respond within the timeframe required by your state's law (typically 30-45 days).


9. Children's Privacy

9.1 Age Requirement

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18.

9.2 Household Data Involving Minors

The household modeling feature is designed for spousal or partner retirement income modeling. Users may not enter a minor's personal information unless they are the minor's parent or legal guardian and the data is limited to what is reasonably necessary for dependent-related retirement calculations.

9.3 Discovery of Minor Data

If we become aware that we have collected personal information from a person under 18 without appropriate parental or guardian authorization, we will promptly delete that data and, if applicable, terminate the associated account. If you believe a child has provided us with personal information, please contact us immediately at team@pensionforge.com.


10. International Users

The Service is operated from and hosted in the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States. We do not specifically target users outside the United States, and the Service's calculations are specific to the Florida Retirement System.


11. Third-Party Links and Services

The Service may contain links to third-party websites, including official FRS resources, Florida legislative databases, and IRS publications. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party website you visit. The inclusion of any link does not imply affiliation with or endorsement by the linked organization.


12. Offline and Local Data

12.1 Unauthenticated Use

When you use PensionForge calculators without signing in, all calculations are performed locally in your browser. No data is transmitted to our servers. We have no access to inputs or results from unauthenticated sessions.

12.2 Authenticated Offline Storage

When you are signed in, the Service caches your profile data and scenario data locally in your browser's IndexedDB storage to enable offline access. This locally cached data may include:

  • Profile information (including date of birth and hire date);
  • Scenario inputs and calculated results;
  • Alert configurations.

This data remains on your device and is only synced with our servers when you are online and make changes. Unlike server-stored data, locally cached data is not protected by server-side access controls (such as Row-Level Security); it is accessible to anyone with physical or software access to your browser's storage on that device. You are responsible for securing access to your device. You may clear locally stored data at any time by clearing your browser's site data for pensionforge.com (typically via browser settings under "Clear browsing data" or "Manage site data").

12.3 Progressive Web App (PWA)

The Service supports installation as a Progressive Web App. When installed, the Service caches application assets (HTML, CSS, JavaScript) and the authenticated data described in Section 12.2 for offline functionality. Uninstalling the PWA removes cached application assets; browser site data may need to be cleared separately.


13. AI-Generated Content and Processing

13.1 How AI Is Used

The Service uses Anthropic's Claude API to generate natural language narrative summaries of your retirement scenario projections. AI generation occurs only when you explicitly request it (e.g., by clicking "Generate Summary" on the dashboard).

13.2 Data Sent to Anthropic

When you request a narrative summary, the following scenario-derived context is sent to Anthropic for processing:

  • Numerical projection results (e.g., estimated pension amount, DROP balance, contribution totals);
  • Calculation parameters and assumptions.

We do not send your email address, date of birth, account ID, scenario names, or other account-level personally identifiable information to Anthropic.

13.3 Narrative Caching and Storage

Generated narratives are cached on our servers and associated with your scenario to avoid redundant API calls. Per-user generation counters (tracked by user ID and date) record usage. Cached narratives are deleted when you delete the associated scenario or your account.

13.4 Anthropic's Data Practices

Anthropic's API is subject to Anthropic's privacy policy and usage policies. Per Anthropic's commercial API terms (as of the date of this policy), data sent through the API is not used to train Anthropic's models. We encourage you to review Anthropic's current privacy policy for the most up-to-date information.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy;
  • We will notify registered users via email at least thirty (30) days before material changes take effect;
  • We will post a prominent notice on the Service.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms. If you do not agree to the revised policy, you may delete your account before the effective date.


15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

PensionForge, LLC
Email: team@pensionforge.com
Website: https://pensionforge.com

For privacy-specific inquiries or to exercise your data rights, please include "Privacy Request" in your subject line.

We will respond to all privacy-related inquiries within thirty (30) days (or such shorter period as required by applicable state law).


16. Data Protection Summary

For quick reference, here is a summary of our core data commitments:

| Commitment | Status |
|---|---|
| We sell your personal data | Never |
| We serve advertisements | Never |
| We market third-party financial products using your data | Never |
| We use cross-site tracking | Never |
| We share data with data brokers | Never |
| We use data for targeted advertising | Never |
| Per-user database isolation (RLS) | Always |
| Encryption in transit (TLS) | Always |
| Unauthenticated use stays local to your browser | Always |
| You can delete your account and data | Always |
| You can export your data | Always |
| We notify you of material policy changes | Always (30 days advance) |
| We notify you of data breaches | Within 72 hours (or sooner if state law requires) |